A research paper published by four Israeli scientists details a new attack called PRMitM, or the “Password Reset Man-in-the-Middle,” in which attackers hide password reset interactions for a user’s legitimate profile inside account registration interactions on another site.